List, Set, and Change Standard ugo/rwx Permissions
General Information
Ownership and permissions.
Permissions Overview
Permissions tools
chmod ⇒ Change permissions for user, group, other, or all
chown ⇒ Change user/group ownership
Chmod Modes
symbolic ⇒ represent permissions via u,g,o,a
octal ⇒ represent permissions with numbers
Change file1 ownership to rjones and group to student
chown rjones:student file1
List Permissions
ls -l
-rw-r--r--. 2 root root 0 Jun 20 15:11 file1
-rw-r--r--. 2 root root 0 Jun 20 15:11 file2
drwxr-xr-x. 3 root root 17 Jun 20 14:50 newdir
Character 1 ⇒ file type: - (file), d (directory), l (symlink)
Characters 2-4 ⇒ User owner permissions (rwx)
Characters 5-7 ⇒ Group permissions (rwx)
Characters 8-10 ⇒ Other permissions (rwx)
Change Permissions
Symbolic
u ⇒ user owner
g ⇒ group
o ⇒ other users
a ⇒ all users
Add write permissions to a file for the group
chmod g+w file1
Take away read permissions for others, for all of dir1 directory and its contents
chmod -R o-r dir1
Add execute permissions to directories only in a tree (capital X also affects files that already have an execute bit set)
chmod -R ug+X dir1
Octal
Set file1 permissions using octal notation
chmod 740 file1
user owner ⇒ read(4),write(2),execute(1) permissions (4+2+1=7)
group ⇒ read(4) permissions
others ⇒ no(0) permissions
Setuid, Setgid, sticky bits
Setuid ⇒ execute file with owner's permissions
Setgid ⇒ execute file with group's permissions (most often set on directories to keep files created in that dir owned by the group)
Sticky bit ⇒ when set on a directory, prevents users from deleting files they do not own, even if they have write permissions on the directory
Add setuid to script1
chmod u+s script1
Same scenario, octal mode
chmod 4740 script1
When there are four digits in a chmod mode, the first is for setuid/setgid/sticky bit:
4 ⇒ setuid
2 ⇒ setgid
1 ⇒ sticky bit
umask: default file/directory permissions
The umask "masks" out the permissions that we don't want new files and directories to have.
New files will not be created with execute permissions by default.
New directories will be created with execute permissions by default.
View current defaults
umask
0022
The defaults shown above are in octal
Owner ⇒ 0 (don't mask any)
Group ⇒ 2 (mask write permissions)
Others ⇒ 2 (mask write permissions)
The above yields a file with the following permissions by default:
-rw-r--r-- 1 user user 0 Jun 22 14:01 file1
Temporarily change the default for this session only
umask 266
touch testfile
mkdir testdir
ls -l
dr-x--x--x 2 user user 4096 Jun 22 14:09 testdir
-r-------- 1 user user 0 Jun 22 14:08 testfile
Permanent umask changes (system wide)
vim /etc/bashrc
vim /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
User accounts with a user ID greater than 199 whose group name is the same as their username ⇒ umask of 002.
All other users ⇒ umask of 022
Note: This change needs to be made in both /etc/bashrc and /etc/profile
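Added example (not part of the original notes): the script below predicts the file and directory modes a umask produces, then confirms the prediction by creating a real file and directory under that umask. The function names are made up for this example, and GNU stat (stat -c %a) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# predicted_modes MASK -> prints "FILE_MODE DIR_MODE" (octal).
# New files start from 666 and new directories from 777;
# every bit set in the umask is cleared from that base.
predicted_modes() {
    mask=$(( 0$1 & 0777 ))
    printf '%03o %03o\n' $(( 0666 & ~mask )) $(( 0777 & ~mask ))
}

# observed_modes MASK -> same format, measured on a real file and directory.
# The ( ) body is a subshell, so the caller's umask is left unchanged.
observed_modes() (
    scratch=$(mktemp -d) || exit 1
    trap 'rm -rf "$scratch"' EXIT
    umask "$1"
    touch "$scratch/testfile"
    mkdir "$scratch/testdir"
    f=$(stat -c %a "$scratch/testfile")   # assumption: GNU stat
    d=$(stat -c %a "$scratch/testdir")
    # keep only the rwx bits in case setgid was inherited from the parent
    printf '%03o %03o\n' $(( 0$f & 0777 )) $(( 0$d & 0777 ))
)

# umask_report MASK... -> one line per mask; returns non-zero on any mismatch.
umask_report() {
    rc=0
    for m in "$@"; do
        p=$(predicted_modes "$m")
        o=$(observed_modes "$m")
        [ "$p" = "$o" ] && s=ok || { s=MISMATCH; rc=1; }
        printf 'umask %s  predicted %s  observed %s  %s\n' "$m" "$p" "$o" "$s"
    done
    return $rc
}

# The masks used on this page, plus 077 (owner-only) for comparison.
umask_report 022 002 266 077
```

A MISMATCH line usually means something other than the umask is shaping the mode, such as a default ACL on the parent directory.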